In the upper right hand corner of the topic you will see a button called "Watch this topic", by clicking on this => "Immediate E-Mail notification" => "Proceed" you will be advised when we respond to your topic and facilitate the cleaning of your machine.

During this cleanup, please DO NOT run, install and/or uninstall any tools/ programs other than those I suggest to you because some programs can interfere with others and/ or can cause some problems to your system.

When you receive new instructions,

Please Read the whole message.

All our tools must be launched from the Desktop (unless otherwise specified). Please make sure to save them to your Desktop and check before running each program.
To move a tool to your Desktop, right-click on it => "Cut". Right-click on your Desktop => "Paste".

Please disable ALL your protection programs (antiVirus, firewall and antiSpyware), they may otherwise interfere with our tools. If you don't know how to do, please see here and/or here.

Please perform all steps in the received order and DO NOT proceed if you need clarification.

Please DO NOT re-run any program I suggest. If you encounter problems please stop and tell me about it.

Use the Internet Explorer to run a ESET Online Scanner from Here. If you are using Windows 7 or Windows Vista, open your browser by right-clicking on its icon and select "Run as administrator".IMPORTANT: Administrator privileges are required to run ESET Online Scanner!

Click the green ESET Online Scanner button, check YES, I accept the Terms of Use and click Start.

You will need to allow an Active X install for the scan to run.

Check Scan archives and click Start

Eset will now download virus signature database and start to scan your computer. Let it run uninterrupted

Save the results (click "File" => "Save as...") to your Desktop as "scan-results" to post them into your next reply.

Check Uninstall application on close to remove ESET Online Scanner from your computer and click the Finish button.

Please copy and Paste the contents of the report into your next reply.

>>> Please double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt. Please copy and past its contents into your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

EDIT: Most of our helpers will not download files that they did not specifically request... As you might guess, many malware criminals would love to infect their computers... We allow plenty of room in a post to copy/paste your logs, so please use it rather than attaching a file unless asked... Please read the instructions at the top of each forum and our FAQ... Thank you...

9/9/2010 9:35:00 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.9/9/2010 9:34:01 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..9/9/2010 3:56:23 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Mike-PC\Mike SID (S-1-5-21-3035079288-3762108966-1726518364-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.9/9/2010 3:02:38 PM, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).9/7/2010 9:23:37 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.101 did not allow the name to be claimed by this computer.9/4/2010 11:10:53 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-21474672439/3/2010 7:44:41 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer LIZ-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D2F3BFFA-B3B7-43B2-BC40-F6E2AD9667F1}. The master browser is stopping or an election is being forced.9/3/2010 7:32:41 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.101. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer.

Scanners
2010-09-17 Found nothing 2010-09-17 Found nothing
2010-09-17 Found nothing 2010-09-17 Found nothing
2010-09-17 Found nothing 2010-09-17 Found nothing
2010-09-17 Found nothing 2010-09-17 Found nothing
2010-09-17 Found nothing 2010-09-17 Found nothing
2010-09-17 Found nothing 2010-09-17 Found nothing
2010-09-17 Found nothing 2010-09-17 Found nothing
2010-09-17 Found nothing 2010-09-17 Found nothing
2010-09-17 Found nothing 2010-09-17 Found nothing
2010-09-17 Found nothing

Scanners
2010-09-17 Found nothing 2010-09-17 Found nothing
2010-09-17 Found nothing 2010-09-17 Found nothing
2010-09-17 Found nothing 2010-09-17 Found nothing
2010-09-17 Found nothing 2010-09-17 Found nothing
2010-09-17 Found nothing 2010-09-17 Found nothing
2010-09-17 Found nothing 2010-09-17 Found nothing
2010-09-17 Found nothing 2010-09-17 Found nothing
2010-09-17 Found nothing 2010-09-17 Found nothing
2010-09-17 Found nothing 2010-09-17 Found nothing
2010-09-17 Found nothing

Very important:Your version of Java is out of date. I recommend you update to the newest Version:Please download to your Desktop the newest version from here.

It's important that you uninstall older versions of Java. They can leave holes and vulnerabilities on your computer.

Please, go to Start => Control Panel double-click on the Software icon => Add or Remove programs.Search in the list for all previous installed versions of Java (J2SE Runtime Environment.... ). They should have this icon next to them: Select each in turn and click Remove.

Enable Automatic Updates for your Windows under Start => Control Panel => Automatic Updates. These updates address known issues and will strengthen your protection against known security threats. Without these updates I can almost guarantee that you will get infected again.

Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Nowadays, most malware is developed only to steal personal information and/or various passwords. I recommend you change all your passwords - make sure you create strong passwords and use a different password for every site (you can keep them in KeePass).

Back up your...

Registry with ERUNT. It can help you especially if the System Restore is disabled by malware or corrupted for some reasons.

MBR (Master Boot Record) with MBR Backup so that you can restore it if it ever becomes corrupted or infected by malware.

Please, note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here: http://www.spywarewa...nti-spyware.htm

TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> Double click Defogger.exe to run the tool. Click the Disable button to disable your CD Emulation drivers and click Yes to continue.A 'Finished!' message will appear, click OK.DeFogger will now ask to reboot the machine - click OKIMPORTANT!

If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Please Do not re-enable these drivers until otherwise instructed.

>>> Close all opened programs/ windows and double-click on MBRCheck.exe.It will produce a log file saved automatically on your Desktop as "MBRCheck_Date_Time.txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

>>> Double-click on TDSSKiller.exe to run the application.

Click on the Start Scan button and wait for the scan and disinfection process to be over.

If an infected file is detected, the default action will be Cure, click on Continue

If a suspicious file is detected, the default action will be Skip, click on Continue

If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> Double click Defogger.exe to run the tool. Click the Disable button to disable your CD Emulation drivers and click Yes to continue.A 'Finished!' message will appear, click OK.DeFogger will now ask to reboot the machine - click OKIMPORTANT!

If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Please Do not re-enable these drivers until otherwise instructed.

>>> Close all opened programs/ windows and double-click on MBRCheck.exe.It will produce a log file saved automatically on your Desktop as "MBRCheck_Date_Time.txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

>>> Double-click on TDSSKiller.exe to run the application.

Click on the Start Scan button and wait for the scan and disinfection process to be over.

If an infected file is detected, the default action will be Cure, click on Continue

If a suspicious file is detected, the default action will be Skip, click on Continue

If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

Click on the System Protection link and choose the same hard disk drive or partition.

Click on the Configure button and choose Restore system settings and previous versions of files

Click on OK. => OK.

Close the System window

A new Restore Point will be created automatically.

>>> Protect your computer:

Enable Automatic Updates for your Windows under Start => Control Panel => Automatic Updates. These updates address known issues and will strengthen your protection against known security threats. Without these updates I can almost guarantee that you will get infected again.

Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Nowadays, most malware is developed only to steal personal information and/or various passwords. I recommend you change all your passwords - make sure you create strong passwords and use a different password for every site (you can keep them in KeePass).

Back up your

Registry with ERUNT. It can help you especially if the System Restore is disabled by malware or corrupted for some reasons.

MBR (Master Boot Record) with MBR Backup so that you can restore it if it ever becomes corrupted or infected by malware.

Please, note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here: http://www.spywarewa...nti-spyware.htm

Consider installing and running the following antispyware programs. They are free or free versions of commercial programs:
- SpywareBlaster. A tutorial on using SpywareBlaster may be found here.
- SpywareGuard doesn't work on 64bits). A tutorial on using SpywareGuard may be found here